14-13
Cisco ASA Series Firewall CLI Configuration Guide
Chapter 14 Inspection for Voice and Video Protocols
MGCP Inspection
Figure 14-1 Using NAT with MGCP
MGCP endpoints are physical or virtual sources and destinations for data. Media gateways contain
endpoints on which the call agent can create, modify and delete connections to establish and control
media sessions with other multimedia endpoints. Also, the call agent can instruct the endpoints to detect
certain events and generate signals. The endpoints automatically communicate changes in service state
to the call agent.
• Gateways usually listen to UDP port 2427 to receive commands from the call agent.
• The port on which the call agent receives commands from the gateway. Call agents usually listen to
UDP port 2727 to receive commands from the gateway.
Note MGCP inspection does not support the use of different IP addresses for MGCP signaling and RTP data.
A common and recommended practice is to send RTP data from a resilient IP address, such as a loopback
or virtual IP address; however, the ASA requires the RTP data to come from the same address as MGCP
signaling.
Configure MGCP Inspection
Use the following process to enable MGCP inspection.
Procedure
Step 1 Configuring an MGCP Inspection Policy Map for Additional Inspection Control, page 14-14.
Step 2 Configure the MGCP Inspection Service Policy, page 14-15.
119936
Cisco
CallManager
Gateway is told
to send its media
to 209.165.200.231
(public address
of the IP Phone)
M
IP
M
M
Cisco
PGW 2200
H.323
To PSTN
209.165.201.10
209.165.201.11
209.165.201.1
IP IP
Branch offices
RTP to 209.165.201.1
from 209.165.200.231
RTP to 10.0.0.76
from 209.165.200.231
10.0.0.76
209.165.200.231
MGCP
SCCP
GW
GW
209.165.200.231